From HEXONET Wiki

(removed references to premium dns)
(7 intermediate revisions by one user not shown)
Line 3: Line 3:
 
<p>  
 
<p>  
  
{{Warnbox|The DNS API has been extended to support new Premium DNS service starting on October 15th, 2018. Current DNS zone system will continue to work unchanged and unaffected until October 15th, 2018. Please make sure to read accordingly to see how the new changes will affect your DNS zone system.}}
+
= Our brand new DNS service =
  
The following are information relating to HEXONET's DNS Service, including how to create and manage DNS zone, using HEXONET's DNS with your domain and DNSSEC support.  
+
HEXONET has recently upgraded its entire DNS service, with the support of our colleagues in the CentralNic Registry DNS team. Old servers have been retired and a brand new, state-of-the-art Anycast network has taken their place. 13 nodes in 5 continents, with hundreds of servers split in 3 separate clouds ensure that your domains resolve fast and securely all over the world. Our average response time has dropped from 131 to 28 milliseconds, a level of performance that most providers can barely dream of.
  
To learn more about Premium DNS, go to [[Premium DNS|Premium DNS]].
+
DNS is a fundamental piece of a domain offering and we believe all customers should have access to a solid and secure DNS infrastructure.
  
To learn more about DNS management via the Control Panel, go to [[DNS in Control Panel]].
+
This is why we have retired our old Premium DNS offering and are making this new DNS service our standard option for all domains registered through HEXONET.
  
= DNS Service Restrictions =
 
=== Basic DNS ===
 
Basic DNS is available only for internal DNS zone, whereby the domain must be registered with HEXONET.
 
  
However, Basic DNS is not available for subdomains even if the parent domain is registered with HEXONET. To create a DNS zone for subdomains, it must be created with Premium DNS.
+
To learn more about DNS management via the Control Panel, go to [[DNS in Control Panel]].
  
=== Premium DNS ===
 
Premium DNS is available for any domain names, regardless if it is registered with HEXONET or not.
 
  
= Premium DNS Classes =
+
= How to use HEXONET DNS Service =
 
+
=== Create new DNS zone ===
{| class="wikitable" style="width:60% !important"
+
You can create a new DNS zone with the following command
|-
+
! scope="col" style="text-align:left; border:1px solid darkgray" | Premium DNS Plan
+
! scope="col" style="text-align:left; border:1px solid darkgray" | API Class
+
! scope="col" style="text-align:left; border:1px solid darkgray" | Maximum monthly query limit
+
|-
+
| style="text-align:left" | Premium 2M || 2M || 2 million queries
+
|-
+
| style="text-align:left" | Premium 5M || 5M || 5 million queries
+
|-
+
| style="text-align:left" | Premium 15M || 15M || 15 million queries
+
|-
+
| style="text-align:left" | Premium 30M || 30M || 30 million queries
+
|-
+
| style="text-align:left" | Premium 50M || 50M || 50 million queries
+
|-
+
| style="text-align:left" | Premium 75M || 75M || 75 million queries
+
|-
+
| style="text-align:left" | Premium 100M || 100M || 100 million queries
+
|-
+
| style="text-align:left" | Enterprise || ENTERPRISE || Unlimited queries
+
|}
+
 
+
 
+
= DNS Use Case =
+
=== Create new DNS zone with Basic DNS ===
+
You can create Basic DNS with the following command
+
  
 
<pre>
 
<pre>
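Review bot: the replacement intro drops the old "DNS Service Restrictions" statement that a zone cannot be created for a subdomain even when the parent domain is registered with HEXONET, and the new text does not say whether that restriction still holds. Add one sentence to the new intro stating the current rule for subdomain zones, so readers who knew the old page are not left guessing.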
Line 55: Line 24:
 
</pre>
 
</pre>
  
=== Get a list of all Basic DNS zones ===
 
You can query a list of all Basic DNS zone with the following command
 
  
<pre>
+
=== Create new DNS zone for a domain not registered with HEXONET ===
COMMAND = QueryDNSZoneList
+
It is possible to use the HEXONET DNS service to host domains registered with other Registrars (also referred to as "external zones"). This service is currently offered at no charge until the end of 2021. Resellers should, however, be aware that charges will apply starting from January 1st, 2022.
</pre>
+
  
=== Create new DNS zone with Premium DNS ===
+
To create an external zone, use the optional flag EXTERNAL=1
You can create Premium DNS with the following command
+
  
 
<pre>
 
<pre>
COMMAND = CreatePremiumDNS
+
COMMAND = CreateDNSZone
CLASS = (Premium DNS API class)
+
DNSZONE = (DNS zone name)
DNSZONE = (DNS zone name)  
+
EXTERNAL = 1
INTERNALDNS = 1
+
 
</pre>
 
</pre>
  
=== Get a list of all Premium DNS zones ===
 
You can query a list of all Premium DNS zone with the following command
 
  
<pre>
+
=== Create new DNS zone for a domain that is about to be transferred HEXONET ===
COMMAND = QueryDNSZoneList
+
It is possible to create a zone in the HEXONET DNS system in preparation for an incoming domain transfer to HEXONET.
PROPERTIES = PREMIUMDNS
+
PREMIUMDNSCLASS = *
+
</pre>
+
  
=== Get information on Premium DNS zone or Basic DNS zone ===
+
To create this type of zone, use the optional flag DOMAINTRANSFER=1
You can query all information regarding a DNS zone with the following command
+
  
 
<pre>
 
<pre>
COMMAND = StatusDNSZone
+
COMMAND = CreateDNSZone
 
DNSZONE = (DNS zone name)
 
DNSZONE = (DNS zone name)
 +
DOMAINTRANSFER = 1
 
</pre>
 
</pre>
  
=== Get Object ID for Premium DNS zone ===
+
Please note that if the domain transfer is not completed within 14 days from the creation of the zone, the zone is automatically deleted from the HEXONET DNS system.
You can get the object ID for a Premium DNS zone with the following command
+
  
<pre>
 
[COMMAND]
 
COMMAND = StatusDNSZone
 
DNSZONE = (DNS zone name)
 
EOF
 
  
[RESPONSE]
+
=== Get a list of all DNS zones ===
PROPERTY[PREMIUMDNS][0] = (Premium DNS object ID)
+
You can query a list of all DNS zone with the following command
EOF
+
</pre>
+
 
+
=== Change renewal mode of Premium DNS zone ===
+
You can enable or disable auto renew for a Premium DNS zone with the following command
+
  
 
<pre>
 
<pre>
COMMAND = SetPremiumDNSRenewalMode
+
COMMAND = QueryDNSZoneList
OBJECTID = (Premium DNS Object ID)
+
RENEWALMODE = AUTOEXPIRE | AUTORENEW
+
 
</pre>
 
</pre>
  
=== Renew Premium DNS zone ===
 
You can explicitly renew your Premium DNS zone with the following command
 
  
<pre>
+
=== Get information on a DNS zone ===
COMMAND = PayPremiumDNSRenewal
+
You can query all information regarding a DNS zone with the following command
OBJECTID = (Premium DNS Object ID)
+
PERIOD = 1Y
+
</pre>
+
 
+
Note, the PaidUntilDate will be incremented by one year to reflect the successful renewal status. There will be no changes to the ExpirationDate. On the day it expires, the system will automatically renew the zone and update the ExpirationDate accordingly.
+
 
+
=== Upgrade from Basic DNS to Premium DNS ===
+
You can upgrade from Basic DNS to Premium DNS with the following command
+
  
 
<pre>
 
<pre>
COMMAND = CreatePremiumDNS
+
COMMAND = StatusDNSZone
 
DNSZONE = (DNS zone name)
 
DNSZONE = (DNS zone name)
CLASS = (Premium DNS API class)
 
 
</pre>
 
</pre>
  
=== Upgrade to a higher tiered Premium DNS plan ===
 
You can upgrade Premium DNS zone to another Premium DNS plan with the following command
 
 
<pre>
 
COMMAND = UpgradePremiumDNS
 
CLASS = (Premium DNS API class)
 
OBJECTID = (Premium DNS object ID)
 
</pre>
 
 
Note, it is not possible to downgrade Premium DNS zone to a lower tiered plan while the current plan is still ongoing such as changing from a Premium 15M plan to a Premium 5M plan.
 
  
 
=== Add and manage records ===
 
=== Add and manage records ===
You can add and manage records for Basic DNS zone or Premium DNS zone with the following command
+
You can add and manage records for a DNS zone with the following command
  
 
<pre>
 
<pre>
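Review bot: the sentence added after the DOMAINTRANSFER = 1 block, saying the zone is automatically deleted if the transfer is not completed within 14 days, describes a silent loss of the zone and deserves the same {{Warnbox}} treatment the old revision used for its notices rather than a trailing "Please note". In the same hunk, the new heading "Create new DNS zone for a domain that is about to be transferred HEXONET" is missing "to", and the external-zone paragraph hard-codes "until the end of 2021" and "January 1st, 2022", which will read as stale within months of this revision; link to the price list instead.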
Line 153: Line 78:
 
</pre>
 
</pre>
  
=== Enable or disable DNSSEC for Premium DNS zone ===
 
  
{{Warnbox|This feature is available only for Premium DNS zone}}
+
=== Enable DNSSEC ===
 
+
You can enable DNSSEC on DNS zones using the following command
You can enable or disable DNSSEC for Premium DNS zone with the following command
+
  
 
<pre>
 
<pre>
 
COMMAND = UpdateDNSZone
 
COMMAND = UpdateDNSZone
DNSSEC-MODE = AUTO | DISABLED
+
DNSSEC-MODE = AUTO
 
DNSZONE = (DNS zone name)
 
DNSZONE = (DNS zone name)
 
</pre>
 
</pre>
  
=== Get DNS query log for Premium DNS zone ===
+
Once enabled, you must input the DS and KEY records into the respective domain. You can get the DS and KEY record information by executing the following command
  
{{Warnbox|This feature is available only for Premium DNS zone}}
+
<pre>
 +
[COMMAND]
 +
COMMAND = StatusDNSZone
 +
DNSZONE = (DNS zone name)
 +
EOF
 +
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[DNSSEC-DS-SHA-1][0] = 20407 8 1 040772816032dc2a675d7f74725d747e47c45185
 +
PROPERTY[DNSSEC-DS-SHA-256][0] = 20407 8 2 a1dd1c5c5d78cd71477472ec5a3eeeaee65ecbc461b63ecd4630fd44d9492028
 +
PROPERTY[DNSSEC-KEY][0] = 257 3 8 AwEAAbfEdVJVqSuGwU8XEAtUWtODHv2CNPAwDKATFs0V17O2/Qe+vSUPadWNISqhSr7wAVrNxdNbOPxzw/iF8xN84GN3hArecKhX/+Yb6fSsucqkwd8fuloU+jTBAl4dq7LRM5DbqdLrN6MUyq1p2h86lP9pXjEaeTYtZ0i8zeV7IyG4d/q+FTNG+1Daw90YIvyFdek1HnNd9pXRSeYhdB8GyxZAGPPID0NBk5/L/nY3mCTi7ezQ7UsdVuB/W53sjlSgjgfFnxsqanN0XK87liuZ8fSMi84CPRTqoYglIBUVxHtTlZIN7Xg72g5HsNzX3EEQfcvkB4h62CcBKX3AIron3zc=
 +
PROPERTY[DNSSEC-KEY-TAG][0] = 20407
 +
PROPERTY[DNSSEC-MODE][0] = AUTO
 +
...
 +
EOF
 +
</pre>
  
You can get the query log for a Premium DNS zone with the following command
+
To input the records into the domain, execute the following command
  
 
<pre>
 
<pre>
COMMAND = QueryDNSZoneStats
+
COMMAND = ModifyDomain
DNSZONE = (DNS zone name)
+
ADDSECDNS-DS0 = (DNSSEC-DS from StatusDNSZone, you can choose either SHA-1 or SHA-256)
PERIODICITY = HOURLY | DAILY | MONTHLY
+
ADDSECDNS-KEY0 = (DNSSEC-KEY from StatusDNSZone)
 +
DOMAIN = (domain name)
 
</pre>
 
</pre>
  
The command will return the date, error count and response count for each query, given the selected time frame.
+
=== Disable DNSSEC ===
 +
You can disable DNSSEC on a DNS zone with the following command
  
 
<pre>
 
<pre>
[RESPONSE]
+
COMMAND = UpdateDNSZone
CODE = 200
+
DNSSEC-MODE = DISABLED
DESCRIPTION = Command completed successfully
+
DNSZONE = (DNS zone name)
PROPERTY[DATE][0] = 2018-09-02
+
PROPERTY[DATE][1] = 2018-09-03
+
PROPERTY[DATE][2] = 2018-09-04
+
PROPERTY[DATE][3] = 2018-09-05
+
PROPERTY[DATE][4] = 2018-09-06
+
PROPERTY[ERROR-COUNT][0] = 15
+
PROPERTY[ERROR-COUNT][1] = 9
+
PROPERTY[ERROR-COUNT][2] = 7
+
PROPERTY[ERROR-COUNT][3] = 5
+
PROPERTY[ERROR-COUNT][4] = 19
+
PROPERTY[RESPONSE-COUNT][0] = 38
+
PROPERTY[RESPONSE-COUNT][1] = 20
+
PROPERTY[RESPONSE-COUNT][2] = 14
+
PROPERTY[RESPONSE-COUNT][3] = 16
+
PROPERTY[RESPONSE-COUNT][4] = 42
+
EOF
+
 
</pre>
 
</pre>
 +
  
 
= Zone Commands =
 
= Zone Commands =
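Review bot: the ADDSECDNS-DS0 placeholder in the new ModifyDomain block tells readers they "can choose either SHA-1 or SHA-256", which presents the two digests as equivalent. RFC 8624 says SHA-1 must not be used for new DS records, so the text should tell readers to submit the DNSSEC-DS-SHA-256 value and explain when, if ever, the SHA-1 value is needed. The new "Enable DNSSEC" text also drops the old Warnbox that limited DNSSEC to Premium DNS zones without stating that it now applies to every zone; say so explicitly.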
Line 209: Line 135:
  
 
= Document Downloads =
 
= Document Downloads =
Download: {{Template:Pdf|DNSZONE_API_Reference.pdf| DNS API}} (outdated)
 
 
Download: {{Template:Pdf|howTo_Nameserver_en.pdf| Virtual Nameserver Howto}}
 
Download: {{Template:Pdf|howTo_Nameserver_en.pdf| Virtual Nameserver Howto}}
 +
 +
 +
= FAQs & Troubleshooting =
 +
 +
== What information do I need to provide to investigate a particular behaviour ==
 +
Because our system uses anycast, we need to know which of our PoPs your queries are going to: the IP address itself isn’t enough, since it’s shared across many locations.  So any dig or nslookup command will not give the information that we need to debug where the problem is.
 +
 +
The following command line tools should be used:
 +
 +
* MTR → https://www.youtube.com/watch?v=1g64C4t4zGI
 +
* traceroute -A https://www.youtube.com/watch?v=YzyHXHJl_mU
 +
* dig yourdnsnamehere.com +nsid → https://www.youtube.com/watch?v=UAlzss-9sH0
 +
* dig soa yourdnsnamehere.com +nsid
 +
 +
Providing this information when you open a Support ticket will help us handle your request and find a solution a lot faster.
 +
 +
 +
== Why is my traffic ending up in another node? ==
 +
 +
Our Anycast networks use BGP to distribute traffic to different upstream providers around the world. These upstream providers range from Tier 1 level, the likes of Cogent, NTT, GTT, or others, and lower tiers which are local in a continent or a country, and traffic via Internet Exchanges which is either by using their route servers or through direct peering.
 +
 +
A BGP relationship is best effort by default, and once traffic leaves the premise it will be in the *total* control of upstream providers. Some upstream providers have pre-defined agreements that will influence the route the traffic will take once our packet leaves our network.
 +
 +
Due to loss of control of traffic once passed on to upstream providers, DNS clients traffic might be forwarded to nodes that are quite far in both terms of network connectivity and geographical distance.
 +
 +
For instance, a client in North America could see their DNS query routing towards a node in South Africa, when in fact the query should have been directed towards the many nodes available in North America.
 +
 +
Many providers will change their internal routing configuration after we contact them if we find an issue, but big players in the market like Hurricane Electric, never do so. Whilst we stopped our direct peering with them, many of our upstream providers use them as one of their own upstream connections.
 +
 +
Our DNS team continuously tracks those issues and contact suppliers where possible. Most of the time those issues get resolved, however it always takes time. We also employ the use of BGP communities where applicable, to influence how our upstreams route traffic.
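Review bot: in the new FAQ list the "traceroute -A" bullet runs straight into its URL without the "→" separator that the MTR and dig bullets use, so it reads as if the YouTube URL were the traceroute target; add the separator. The sentence before the list says "any dig or nslookup command" will not give the needed information, yet two of the four bullets are dig commands with +nsid; reword it to "a plain dig or nslookup" so the list does not contradict it.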

Revision as of 09:33, 24 September 2021

DNS API

Our brand new DNS service

HEXONET has recently upgraded its entire DNS service, with the support of our colleagues in the CentralNic Registry DNS team. Old servers have been retired and a brand new, state-of-the-art Anycast network has taken their place. 13 nodes in 5 continents, with hundreds of servers split in 3 separate clouds ensure that your domains resolve fast and securely all over the world. Our average response time has dropped from 131 to 28 milliseconds, a level of performance that most providers can barely dream of.

DNS is a fundamental piece of a domain offering and we believe all customers should have access to a solid and secure DNS infrastructure.

This is why we have retired our old Premium DNS offering and are making this new DNS service our standard option for all domains registered through HEXONET.


To learn more about DNS management via the Control Panel, go to DNS in Control Panel.


How to use HEXONET DNS Service

Create new DNS zone

You can create a new DNS zone with the following command

COMMAND = CreateDNSZone
DNSZONE = (DNS zone name)


Create new DNS zone for a domain not registered with HEXONET

It is possible to use the HEXONET DNS service to host domains registered with other Registrars (also referred to as "external zones"). This service is currently offered at no charge until the end of 2021. Resellers should, however, be aware that charges will apply starting from January 1st, 2022.

To create an external zone, use the optional flag EXTERNAL=1

COMMAND = CreateDNSZone
DNSZONE = (DNS zone name)
EXTERNAL = 1


Create new DNS zone for a domain that is about to be transferred to HEXONET

It is possible to create a zone in the HEXONET DNS system in preparation for an incoming domain transfer to HEXONET.

To create this type of zone, use the optional flag DOMAINTRANSFER=1

COMMAND = CreateDNSZone
DNSZONE = (DNS zone name)
DOMAINTRANSFER = 1

Please note that if the domain transfer is not completed within 14 days from the creation of the zone, the zone is automatically deleted from the HEXONET DNS system.


Get a list of all DNS zones

You can query a list of all DNS zones with the following command

COMMAND = QueryDNSZoneList


Get information on a DNS zone

You can query all information regarding a DNS zone with the following command

COMMAND = StatusDNSZone
DNSZONE = (DNS zone name)


Add and manage records

You can add and manage records for a DNS zone with the following command

COMMAND = UpdateDNSZone
DNSZONE = (DNS zone name)
ADDRR0 = (add new record)
DELRR0 = (remove record)


Enable DNSSEC

You can enable DNSSEC on DNS zones using the following command

COMMAND = UpdateDNSZone
DNSSEC-MODE = AUTO
DNSZONE = (DNS zone name)

Once enabled, you must input the DS and KEY records into the respective domain. You can get the DS and KEY record information by executing the following command

[COMMAND]
COMMAND = StatusDNSZone
DNSZONE = (DNS zone name)
EOF
 
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[DNSSEC-DS-SHA-1][0] = 20407 8 1 040772816032dc2a675d7f74725d747e47c45185
PROPERTY[DNSSEC-DS-SHA-256][0] = 20407 8 2 a1dd1c5c5d78cd71477472ec5a3eeeaee65ecbc461b63ecd4630fd44d9492028
PROPERTY[DNSSEC-KEY][0] = 257 3 8 AwEAAbfEdVJVqSuGwU8XEAtUWtODHv2CNPAwDKATFs0V17O2/Qe+vSUPadWNISqhSr7wAVrNxdNbOPxzw/iF8xN84GN3hArecKhX/+Yb6fSsucqkwd8fuloU+jTBAl4dq7LRM5DbqdLrN6MUyq1p2h86lP9pXjEaeTYtZ0i8zeV7IyG4d/q+FTNG+1Daw90YIvyFdek1HnNd9pXRSeYhdB8GyxZAGPPID0NBk5/L/nY3mCTi7ezQ7UsdVuB/W53sjlSgjgfFnxsqanN0XK87liuZ8fSMi84CPRTqoYglIBUVxHtTlZIN7Xg72g5HsNzX3EEQfcvkB4h62CcBKX3AIron3zc=
PROPERTY[DNSSEC-KEY-TAG][0] = 20407
PROPERTY[DNSSEC-MODE][0] = AUTO
...
EOF

To input the records into the domain, execute the following command

COMMAND = ModifyDomain
ADDSECDNS-DS0 = (DNSSEC-DS from StatusDNSZone, you can choose either SHA-1 or SHA-256)
ADDSECDNS-KEY0 = (DNSSEC-KEY from StatusDNSZone)
DOMAIN = (domain name)
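
The DNSSEC hand-off described above (StatusDNSZone, then ModifyDomain), as an added Python example that is not HEXONET's own code: it parses a response in the format shown, checks that the DNSKEY, the key tag (RFC 4034 Appendix B) and the DS record agree, and builds the ModifyDomain command from the SHA-256 DS, since RFC 8624 retires SHA-1 for new DS records. The function names, `example.com` and the sample response values are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample in the StatusDNSZone response format shown above
# (short made-up key and digests, not real zone data).
SAMPLE = """[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[DNSSEC-DS-SHA-1][0] = 1291 8 1 """ + "ab" * 20 + """
PROPERTY[DNSSEC-DS-SHA-256][0] = 1291 8 2 """ + "cd" * 32 + """
PROPERTY[DNSSEC-KEY][0] = 257 3 8 AQI=
PROPERTY[DNSSEC-KEY-TAG][0] = 1291
PROPERTY[DNSSEC-MODE][0] = AUTO
EOF
"""

def parse_response(text):
    """Return (fields, props); props maps property name -> {index: value}."""
    fields, props = {}, {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # split on the first "=" only
        if not sep:
            continue  # [RESPONSE], EOF, "..." and blank lines
        key, value = key.strip(), value.strip()
        m = re.fullmatch(r"PROPERTY\[(.+?)\]\[(\d+)\]", key)
        if m:
            props.setdefault(m.group(1), {})[int(m.group(2))] = value
        else:
            fields[key] = value
    return fields, props

def key_tag(flags, protocol, algorithm, key_b64):
    """Key tag over the DNSKEY RDATA, as defined in RFC 4034 Appendix B."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(key_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def build_modify_domain(domain, response_text):
    """Cross-check the DNSSEC properties, then return the ModifyDomain command."""
    fields, props = parse_response(response_text)
    if fields.get("CODE") != "200":
        raise ValueError("StatusDNSZone failed: " + fields.get("DESCRIPTION", "?"))
    key = props["DNSSEC-KEY"][0]
    flags, protocol, algorithm, key_b64 = key.split(None, 3)
    tag = key_tag(int(flags), int(protocol), int(algorithm), key_b64.replace(" ", ""))
    if tag != int(props["DNSSEC-KEY-TAG"][0]):
        raise ValueError("DNSSEC-KEY does not match DNSSEC-KEY-TAG")
    ds = props["DNSSEC-DS-SHA-256"][0]  # digest type 2, chosen over the SHA-1 DS
    ds_tag, ds_alg, ds_type, digest = ds.split()
    if (int(ds_tag), ds_alg, ds_type) != (tag, algorithm, "2"):
        raise ValueError("DS record does not refer to this key")
    if not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
        raise ValueError("SHA-256 digest must be 64 hex characters")
    return "\n".join([
        "COMMAND = ModifyDomain",
        "ADDSECDNS-DS0 = " + ds,
        "ADDSECDNS-KEY0 = " + key,
        "DOMAIN = " + domain,
    ])
```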

Disable DNSSEC

You can disable DNSSEC on a DNS zone with the following command

COMMAND = UpdateDNSZone
DNSSEC-MODE = DISABLED
DNSZONE = (DNS zone name)


Zone Commands

HEXONET's DNS service platform was designed to dramatically simplify the management of DNS. More Information

Document Downloads

Download: Virtual Nameserver Howto


FAQs & Troubleshooting

What information do I need to provide to investigate a particular behaviour

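Because our system uses anycast, we need to know which of our PoPs your queries are going to: the IP address itself isn’t enough, since it’s shared across many locations. So a plain dig or nslookup command will not give us the information that we need to debug where the problem is.

The following command line tools should be used:

* MTR → https://www.youtube.com/watch?v=1g64C4t4zGI
* traceroute -A → https://www.youtube.com/watch?v=YzyHXHJl_mU
* dig yourdnsnamehere.com +nsid → https://www.youtube.com/watch?v=UAlzss-9sH0
* dig soa yourdnsnamehere.com +nsid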

Providing this information when you open a Support ticket will help us handle your request and find a solution a lot faster.


Why is my traffic ending up in another node?

Our Anycast networks use BGP to distribute traffic to different upstream providers around the world. These upstream providers range from Tier 1 carriers, such as Cogent, NTT, GTT and others, to lower-tier providers that are local to a continent or a country. Traffic also flows via Internet Exchanges, either through their route servers or through direct peering.

A BGP relationship is best effort by default, and once traffic leaves our premises it is in the *total* control of upstream providers. Some upstream providers have pre-defined agreements that influence the route the traffic takes once a packet leaves our network.

Because we lose control of traffic once it is passed on to upstream providers, DNS clients' traffic might be forwarded to nodes that are quite far away in terms of both network connectivity and geographical distance.

For instance, a client in North America could see their DNS query routing towards a node in South Africa, when in fact the query should have been directed towards the many nodes available in North America.

Many providers will change their internal routing configuration after we contact them if we find an issue, but big players in the market, like Hurricane Electric, never do so. Whilst we stopped our direct peering with them, many of our upstream providers use them as one of their own upstream connections.

Our DNS team continuously tracks those issues and contacts suppliers where possible. Most of the time those issues get resolved; however, it always takes time. We also use BGP communities, where applicable, to influence how our upstreams route traffic.